A fake University website in order to steal e-mail passwords. Almost seems passé...
ZDNet said: The attackers used a Gmail addresses designed to look like they belonged to genuine academics at the University of London's School of Oriental and African Studies (SOAS), exploiting trust in the names of real staff.
The attackers operating the email address sent messages to prospective targets, inviting them to an online conference on "The US Security Challenges in the Middle East", including the offer to speak to the target on the phone to discuss details, which is unusual.
Eventually, the attackers sent a personalised "registration link" to their targets, sending them to what looked like a SOAS webinar platform.
This was hosted on a legitimate but compromised website belonging to University of London's SOAS Radio – a website SOAS says is separate from the main SOAS website and not part of the official domain - which asked the user to sign in to the platform via an email address, with options of different links to click on depending on the choice of email hosting provider of the victim.
Options included Google, Yahoo, Microsoft, iCloud, Facebook and others – and if the user clicked on the link, they'd be taken to a spoofed version of the email provider's login page, which the attackers could use to steal the username and password with the intention of espionage and additional phishing attacks.
These Iranian hackers posed as academics in a bid to steal email passwords
A state-backed hacking operation working out of Iran compromised a university website as part of its phishing campaign.
www.zdnet.com